W3C home > Mailing lists > Public > xml-encryption@w3.org > April 2002

Re: FW: Re: rsa/oaep

From: Jiandong Guo <jguo@phaos.com>
Date: Thu, 18 Apr 2002 11:29:26 -0400
Message-ID: <3CBEE656.BA86CDFC@phaos.com>
To: Tom Gindin <tgindin@us.ibm.com>
CC: xml-encryption@w3.org, reagle@w3c.org


Tom Gindin wrote:

>       I'm not an expert on XML syntax, but I don't think that requiring
> that the MGF function be SHA-1 (as opposed to defaulting it) is reasonable.
> The primary reason for this is that at some time in the next few years
> SHA-256 (along with SHA-384 and SHA-512) will be standardized, and a few
> years after that one of those will become widely used.  Eventually it will
> be more common than SHA-1 because of its larger range size.  RIPEMD-160 is
> a less important case.

I agree with you on this. But my concern is how to put the syntax correctly to
accomondate it.
I guess it was decided early on that MGF stuff  (I don't know the history) not
put in the XML schema.
The common sense is that if a parameter in a algorithm  is not present, then
the default should be used if there is one.

>
>       By comparison, requiring that the MGF function match the hash
> function is far more reasonable.  It isn't necessary, but it seems to be
> the most common practice.
>

If we require this without specifying it in  the syntax, we will be in a mess
if we want to extend the schema to
include the support of any other Mask Generation Function in the furture.

Jiandong Guo
Phaos Technology
Received on Thursday, 18 April 2002 11:28:34 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 27 October 2009 08:42:21 GMT